Add some more apps, rename from rules.lsrules to applications.lsrules

README.md

@@ -6,6 +6,10 @@ Rules for [Little Snitch] that allow various programs to operate.
 - Each rule has a description that describes why it's needed.
 - All rules are disabled by default.
 
-[Subscribe](https://andre4ik3.github.io/rules/)
+[Subscribe](https://andre4ik3.github.io/rules/) or use this URL:
+
+```
+https://andre4ik3.github.io/rules/applications.lsrules
+```
 
 [Little Snitch]: https://obdev.at/products/littlesnitch/index.html

rulegen/main.ts

@@ -1,5 +1,5 @@
 import { LSRules } from "./utils.ts";
-import Rules from "./rules.ts";
+import Rules from "./rules/applications.ts";
 
 const rules: LSRules = {
   name: "Application Rules",
@@ -9,10 +9,10 @@ const rules: LSRules = {
 };
 
 await Deno.mkdir("./_site", { recursive: true });
-await Deno.writeTextFile("./_site/rules.lsrules", JSON.stringify(rules));
+await Deno.writeTextFile("./_site/applications.lsrules", JSON.stringify(rules));
 
 const subscribeLink =
-  "x-littlesnitch:subscribe-rules?url=https%3A%2F%2Fandre4ik3.github.io%2Frules%2Frules.lsrules";
+  "x-littlesnitch:subscribe-rules?url=https%3A%2F%2Fandre4ik3.github.io%2Frules%2Fapplications.lsrules";
 
 const intro = `<html lang="en">
 <head><title>Little Snitch Application Rules</title></head>

rulegen/rules/applications.ts

@@ -0,0 +1,100 @@
+import { Direction, makeRule, Protocol, Remote, RemoteType } from "../utils.ts";
+
+const Apps = {
+  iStatMenus: {
+    daemon: "/Library/Application Support/iStat Menus 6/iStatMenusDaemon",
+    status:
+      "/Library/Application Support/iStat Menus 6/iStat Menus Status.app/Contents/MacOS/iStat Menus Status",
+  },
+
+  littleSnitch: {
+    downloader:
+      "/Library/Application Support/Objective Development/Little Snitch/Components/at.obdev.littlesnitch.daemon.bundle/Contents/XPCServices/at.obdev.littlesnitch.urldownloader.xpc/Contents/MacOS/at.obdev.littlesnitch.urldownloader",
+    updater:
+      "/Applications/Little Snitch.app/Contents/Components/Little Snitch Software Update.app/Contents/MacOS/Little Snitch Software Update",
+  },
+
+  wireguard:
+    "/Applications/WireGuard.app/Contents/PlugIns/WireGuardNetworkExtension.appex/Contents/MacOS/WireGuardNetworkExtension",
+
+  remoteDesktop: {
+    agent:
+      "/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent",
+    app: "/Applications/Remote Desktop.app/Contents/MacOS/Remote Desktop",
+  },
+} as const;
+
+export default [
+  /* ======================================================================== */
+  /* iStat Menus                                                              */
+  /* ======================================================================== */
+
+  makeRule({
+    process: Apps.iStatMenus.daemon,
+    remote: Remote.BPF,
+    notes: "Allows iStat Menus to gather network statistics.",
+  }),
+
+  makeRule({
+    process: Apps.iStatMenus.status,
+    remote: [RemoteType.Host, ["ip.istatmenus.app"]],
+    using: [[Protocol.TCP, 443]],
+    notes: "Allows iStat Menus to display the public IP address.",
+  }),
+
+  makeRule({
+    process: Apps.iStatMenus.status,
+    remote: [RemoteType.Address, ["1.1.1.1", "1.0.0.1"]],
+    using: [[Protocol.ICMP, "any"]],
+    notes: "Allows iStat Menus to check for internet connectivity.",
+  }),
+
+  /* ======================================================================== */
+  /* Little Snitch                                                            */
+  /* ======================================================================== */
+
+  makeRule({
+    process: Apps.littleSnitch.downloader,
+    remote: Remote.Any,
+    using: [[Protocol.TCP, 443]],
+    notes: "Allows Little Snitch to download/update Rule Group Subscriptions.",
+  }),
+
+  makeRule({
+    process: Apps.littleSnitch.updater,
+    remote: [RemoteType.Host, ["sw-update.obdev.at"]],
+    using: [[Protocol.TCP, 443]],
+    notes: "Allows Little Snitch to check for and install updates.",
+  }),
+
+  /* ======================================================================== */
+  /* WireGuard                                                                */
+  /* ======================================================================== */
+
+  makeRule({
+    process: Apps.wireguard,
+    remote: Remote.Any,
+    direction: [Direction.Incoming, Direction.Outgoing],
+    using: [[Protocol.UDP, "any"]],
+    notes: `Allows WireGuard to communicate with VPN servers.
+Note: Both this rule and the outgoing rule are required for proper operation.`,
+  }),
+
+  /* ======================================================================== */
+  /* Apple Remote Desktop                                                     */
+  /* ======================================================================== */
+
+  makeRule({
+    process: Apps.remoteDesktop.agent,
+    remote: Remote.Any,
+    using: [[Protocol.UDP, 3283]],
+    notes: "Allows Apple Remote Desktop to gather information about machines.",
+  }),
+
+  makeRule({
+    process: Apps.remoteDesktop.app,
+    remote: Remote.Any,
+    using: [[Protocol.ICMP, "any"], [Protocol.TCP, 5900]],
+    notes: "Allows Apple Remote Desktop to perform screen sharing.",
+  }),
+].flat();

rulegen/utils.ts

@@ -17,6 +17,7 @@ export enum Priority {
 }
 
 export enum Protocol {
+  Any = "any",
   TCP = "tcp",
   UDP = "udp",
   ICMP = "icmp",
@@ -77,15 +78,15 @@ export interface MakeRuleOptions {
   action?: Action;
 
   remote: Remote | [RemoteType, string[]];
-  using?: [number | "any", Protocol][];
+  using?: [Protocol, number | "any"][];
   notes: string;
 }
 
 const defaultOptions = {
   direction: [Direction.Outgoing],
   priority: Priority.Regular,
   action: Action.Allow,
-  using: [[443, Protocol.TCP]] as [number | "any", Protocol][],
+  using: [[Protocol.Any, "any"]] as [Protocol, number | "any"][],
 };
 
 type CombinedOptions = typeof defaultOptions & MakeRuleOptions;
@@ -119,8 +120,8 @@ export function makeRule(input: MakeRuleOptions): Rule[] {
         via: opts.via,
         disabled: true,
 
-        ports: using[0] === "any" ? undefined : `${using[0]}`,
-        protocol: using[1],
+        ports: using[1] === "any" ? undefined : `${using[1]}`,
+        protocol: using[0] === Protocol.Any ? undefined : using[0],
         notes: opts.notes,
         ...makeRemote(opts.remote),
       });